Site icon Liquidmatrix Security Digest

Pennsylvania Voter Site Springs Data Leak

From Network World:

With voting in Pennsylvania’s presidential primary just a month away, the state was forced to pull the plug on a voter registration Web site Tuesday after it was found to be exposing sensitive data about voters in the state.

The problem lay in an online voter registration application form that was designed to simplify the task of registering to vote. State residents used it to enter their information on the Web site, which then generated a printable form that could be mailed to state election officials. Pennsylvania’s Department of State disabled the registration form late Tuesday after being informed of the vulnerability by IDG News Service.

Because of a Web programming error, the Web site was allowing anyone on the Internet to view the forms, which contained data such as the voter’s name, date of birth, driver’s license number and political party affiliation. On some forms, the last four digits of social security numbers could also be seen.

“Upon learning of this situation, the Department of State acted immediately to disable the specific page,” said Department of State Spokeswoman Leslie Amoros in an e-mail message.

Ouch. So much for commissioning testing before roll out. After checking the site I was presented with an invalid cert. Hmm.

Article Link

Exit mobile version